{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-3310","assignerOrgId":"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28","assignerShortName":"Chrome","dateUpdated":"2025-05-06T15:31:24.612Z","dateReserved":"2022-09-26T00:00:00.000Z","datePublished":"2022-11-01T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28","shortName":"Chrome","dateUpdated":"2022-11-10T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)"}],"affected":[{"vendor":"Google","product":"Chrome","versions":[{"version":"unspecified","lessThan":"106.0.5249.62","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html"},{"url":"https://crbug.com/1240065"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Insufficient policy enforcement"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:07:06.485Z"},"title":"CVE Program Container","references":[{"url":"https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html","tags":["x_transferred"]},{"url":"https://crbug.com/1240065","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-602","lang":"en","description":"CWE-602 Client-Side Enforcement of Server-Side Security"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-06T15:30:52.726813Z","id":"CVE-2022-3310","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-06T15:31:24.612Z"}}]}}